Site collection administrator created through CSOM cannot view site

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/259645

Question

I am having a strange situation where I am not able to view a site collection as a site collection administrator. The catch is that I created the site collection admin through CSOM.

Steps to reproduce

  1. Create the site collection

  2. Create the user with csom and assign IsSiteAdmin to the user. 

    using (ClientContext clientContext = getClientContext((string)action["SiteCollectionUrl"])) {

clientContext.Load(clientContext.Web);
clientContext.Load(clientContext.Site);
clientContext.Load(clientContext.Site.RootWeb);
clientContext.ExecuteQuery();

UserCreationInformation userCreationInfo = new UserCreationInformation();  
userCreationInfo.LoginName = "mydomain\\owner3f3f152a7b39";
userCreationInfo.Title = "Fnowner3f3f152a7b39 Lnowner3f3f152a7b39";
User spUser = clientContext.Site.RootWeb.SiteUsers.Add(userCreationInfo);  

clientContext.ExecuteQuery();
spUser.IsSiteAdmin = true; 
spUser.Update();

clientContext.Load(spUser); 
clientContext.ExecuteQuery();
}

  3. Log in as the user and navigate to the site and you will get "you do not have permission to access this site."

If I delete the user that I created from the users page: http://win-d9fm7ip9r36/sites/3f3f15-ec-10cd-4fd5-8973-11f297921cf1/_layouts/15/start.aspx#/_layouts/15/user.aspx
Then I recreate the user using the UI, it works fine.

I think the problem is with how I am creating the user.

When I create the user using my CSOM program, the user looks like this:

Account     MYDOMAIN\owner3f3f152a7b39
Name    Snowner3f3f152a7b39 Fnowner3f3f152a7b39

When I create the user from the UI, it looks like this:

Account     i:0#.w|mydomain\owner3f3f152a7b39
Name    Snowner3f3f152a7b39 Fnowner3f3f152a7b39

What am I missing? Why is the claims prefix not being added? Is that something we have to do manually?

In other words, should I have done this?

    userCreationInfo.LoginName = "i:0#.w|mydomain\\owner3f3f152a7b39";
Was it helpful?

Solution

Have you tried using web.EnsureUser(loginName) to add the user? Also, I stumbled on this other article that seems to be saying that if you are using claims, you do need to include the claims prefix as part of the login name.

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top